Commit Briefs
fix a copy-and-paste mistake in parse_fonts (master)
Pretty sure that this got copied from below in 317cc8fb and should be dict_t, i.e. the case of the "font dictionary" being a (single) font resource itself.
fix wrong indentation in act_viol (leakcheck)
free parse result ifdef LEAKCHECK
This covers the main parse result and a possible "error parse", but not the calls to h_parse() in filters and parse_obj().
statically allocate global lzw decoder context
Avoids the use of malloc(). Also factors out table initialization to a function lzw_init_table().
print an error message if /Root not found
If we are actually processing page content, that is.
correctly look for /Root in the last trailer section
A mistake snuck into commit 76e546ce, taking the last element of the xrefs array as the "last" trailer section. But the array is filled in reverse order by following the chain of startxref and /Prev pointers, so the (logical) last/latest section is xrefs[0].
fix format specifier for printing HBytes
Since HBytes is a length/pointer pair and not a null-terminated string, we must pass the length as an argument to printf. The correct format specifier for that is "%.*s" (string with "precision" = length), not "%*s" (string with minimum field width).
add missing printf argument
Forgotten in b3dda3fe when adding the input file name to error messages.
remove stale comment
Finished reviewing past modifications to parse_xrefs(). NB: All code attributed to Sumit Ray has been removed from this function.
improve handling of parse errors in xref stream data
Improve on the bugfix in commit a5abf1e2:
- Reinstate the assert for 'res->ast != NULL'. If it fails, there is a bug in the parser, not an error in the input file.
- Provide a distinct error message for the case where p_xref fails on a cross-reference stream because of invalid data.
- Only skip storing the invalid section. Try to follow the /Prev entry in the stream dictionary to find more sections.
remove a comment
I cannot tell what this refers to. The (nonexistent) else case of the if statement above it is simply the case of the object number in question not falling within this subsection. Anyway, the function lookup_xref() is a low-level utility used during parsing, not a place to produce error messages.
comments regarding act_ks_value
HParseResult was introduced in 6b54ebfa (generally parse stream objects) to hold the result of parsing the stream data, including the application of any filters. This is produced in act_ks_value(). The fact that parse errors in stream data are thus detectable is in fact significant for xref stream processing, so we should not just return the bare data on error.
don't emulate VIOL in error messages
While it might seem like a good idea to "grade" errors by severity, we are not *really* in any place to do so accurately. Our tasks are (a) to decide, internally, whether to print a message or silently ignore a malformation, and (b) to ultimately judge the file valid or invalid as a whole. Note that the latter part, as stated before, is not the responsibility of parse_xrefs(). Reinstate the input file name in these error messages. That information is useful when running the program on multiple files from a script, as we have been doing. While we're at it, fix style (line lengths).
add test cases for out-of-bounds xref pointers
Both currently fail because the parser proper does not validate these offsets.
drop use of h_seek in parse_xrefs
Now that we are validating the offset ourselves, we no longer need h_seek() to do our bounds checking. But add a defensive assert just in case.
bounds-check /Prev pointers
Mirrors the check for startxref. I considered unifying the two into one test at the start of the loop, but then we would lose the information whether we got the offset from startxref or a /Prev.
report location of invalid startxref
This is useful information, especially in hex, when looking into the file. The invalid value itself, on the other hand, is not so useful.
adjust error message
The correct and standard format specifier for values of type size_t is %zu. There is no need to point out the valid bounds. Match style with the other messages.
remove useless/erroneous condition
The offset can never be negative (size_t is unsigned). And this treated offset = 0 as out of bounds, which is nonsense. In fact, offset == size is also not invalid (it is the end of file).
revert parse_xrefs to its original signature
Passing the aux struct by reference may look cleaner, but it was deliberate to keep parse_xrefs() independent of that struct, since the latter is conceptually part of the parser's interface and the former is not. Also, this way parse_xrefs() has a proper return value that signals success or failure. Plus, no ugly indirection or temporary variable is needed to access sz.
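
The "fix format specifier for printing HBytes" entry above turns on the difference between printf precision and field width for a length/pointer pair. The following is an added example, not code from these commits: the `Bytes` struct is a stand-in for HBytes with an assumed layout, and the function names and sample buffer are constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a length/pointer pair such as HBytes (assumed layout). */
typedef struct {
    const uint8_t *token;  /* not null-terminated */
    size_t len;
} Bytes;

/* printf takes the precision/width argument as int, so clamp oversized lengths. */
static int clamp_len(size_t len)
{
    return len > (size_t)INT_MAX ? INT_MAX : (int)len;
}

/* Correct: "%.*s" uses the length as precision, capping the bytes read. */
int format_precision(char *out, size_t outsz, Bytes b)
{
    return snprintf(out, outsz, "%.*s", clamp_len(b.len), (const char *)b.token);
}

/* Wrong: "%*s" only sets a minimum width; printf keeps reading until a NUL. */
int format_width(char *out, size_t outsz, Bytes b)
{
    return snprintf(out, outsz, "%*s", clamp_len(b.len), (const char *)b.token);
}

/* Constructed sample: the token is the first 5 bytes of a larger buffer.
 * The buffer is NUL-terminated only so that the wrong variant stays
 * well-defined here; on real input it would read past the token. */
static const char sample[] = "/Root 1 0 R";

Bytes sample_token(void)
{
    Bytes b = { (const uint8_t *)sample, 5 };
    return b;
}

int main(void)
{
    char buf[64];
    format_precision(buf, sizeof buf, sample_token());
    printf("precision: [%s]\n", buf);   /* only the 5-byte token */
    format_width(buf, sizeof buf, sample_token());
    printf("width:     [%s]\n", buf);   /* runs on into the adjacent bytes */
    return 0;
}
```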